package com.mtao.security;

import jakarta.annotation.Resource;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.CorsFilter;

import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;

/**
 * Spring Security 配置类
 */

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig{

    private final CorsFilter corsFilter;

    private final JwtAuthorizationFilter jwtAuthorizationFilter;

    private final AdminTokenFilter adminTokenFilter;

    private final UserTokenFilter userTokenFilter;

    @Resource
    private  SecurityAuthenticationEntryPoint securityAuthenticationEntryPoint;

    /**
     * 创建一个密码编码器实例
     * 使用BCryptPasswordEncoder实现
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    /**
     * 创建一个SecurityFilterChain实例
     * @param http
     * @return
     * @throws Exception
     */
//    @Bean
//    public SecurityFilterChain SecurityFilterChain(HttpSecurity http) throws Exception {
//        //  禁用csrf
//        http.csrf(AbstractHttpConfigurer::disable);
//        //  禁用session
//        http.sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS));
//        //  配置权限
//        http.authorizeHttpRequests(authorizeHttpRequests ->
//                authorizeHttpRequests
//                        .requestMatchers("/auth/login","/auth/code","/auth/wx/login","/create/img","/wx/**")
//                        .permitAll().anyRequest().authenticated()
//        );
//        //  配置跨域
//        http.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
//        //  将配置交由JWT
//        .addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);
//        //  配置自定义异常处理
//        http.exceptionHandling(exceptionHandling -> exceptionHandling
//                .authenticationEntryPoint(securityAuthenticationEntryPoint));
//        return http.build();
//    }

    /**
     * 创建一个SecurityFilterChain实例  用户端
     * @param http
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain userSecurityFilterChain(HttpSecurity http) throws Exception {
        //  禁用csrf
        http.csrf(AbstractHttpConfigurer::disable);
        //  禁用session
        http.sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS));
        //  配置权限
        http.authorizeHttpRequests(authorizeHttpRequests ->
                authorizeHttpRequests
                        .requestMatchers("/admin/**")
                        .permitAll().anyRequest().authenticated()
        );
        //  配置跨域
        http.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
                //  将配置交由JWT
                .addFilterBefore(userTokenFilter, UsernamePasswordAuthenticationFilter.class);
        //  配置自定义异常处理
        http.exceptionHandling(exceptionHandling -> exceptionHandling
                .authenticationEntryPoint(securityAuthenticationEntryPoint));
        return http.build();
    }

    /**
     * 创建一个SecurityFilterChain实例  管理员端
     * @param http
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception {
        //  禁用csrf
        http.csrf(AbstractHttpConfigurer::disable);
        //  禁用session
        http.sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS));
        //  配置权限
        http.authorizeHttpRequests(authorizeHttpRequests ->
                authorizeHttpRequests
                        .requestMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated()
        );
        //  配置跨域
        http.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
                //  将配置交由JWT
                .addFilterBefore(adminTokenFilter, UsernamePasswordAuthenticationFilter.class);
        //  配置自定义异常处理
        http.exceptionHandling(exceptionHandling -> exceptionHandling
                .authenticationEntryPoint(securityAuthenticationEntryPoint));
        return http.build();
    }

    /**
     * 创建一个AuthenticationManager实例
     * @param authenticationConfiguration
     * @return
     * @throws Exception
     */

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }






}
